+ Post New Thread
Results 1 to 15 of 15
Windows Server 2008 Thread, MSI installation with group policy - srv 2008 in Technical; Hello, I am having trouble installing msi files to computers using group policy. I have created a partition on the ...
  1. #1
    lafleur1977's Avatar
    Join Date
    May 2009
    Location
    Lancashire
    Posts
    160
    Thank Post
    119
    Thanked 4 Times in 4 Posts
    Rep Power
    11

    MSI installation with group policy - srv 2008

    Hello,

    I am having trouble installing msi files to computers using group policy. I have created a partition on the domain controller which stores all msi installation files in folders for each software (e.g. F:\java\java.msi) and the drive is shared with domain admins = full control. Security permissions also have domain admins = full control and the rest are defaults.

    When I assign an msi file in gp and assign that gp to the OU, the computers usually see the file when they restart, (installing managed software...) but then goes off straight away and does not install anything.

    Basically, can anyone tell me if I'm going wrong somewhere, perhaps permissions wise...

    Thanks for any help.

  2. #2
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,354
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    Is the software installing before the drives are mapped? Try using the UNC path to teh server and share

  3. #3
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    40
    I had this problem. Try assigning the software from an xp workstation with the admin tools installed.

  4. #4
    lafleur1977's Avatar
    Join Date
    May 2009
    Location
    Lancashire
    Posts
    160
    Thank Post
    119
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    I have pointed the software directly in the gp (\\server\share\java\java.msi). What do you mean about mapping the drive?

    I will try assigning the software on a XP pc.

    Thanks.

  5. #5
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,354
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    Has the "Everyone" group got read and execute permissions? If you check the event logs of the machine which isn't installing is there an error relating to permissions or packages?

  6. #6
    lafleur1977's Avatar
    Join Date
    May 2009
    Location
    Lancashire
    Posts
    160
    Thank Post
    119
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    No everyone does not have read and execute permissions. I will add it and try it. Does it also need to be in share permissions?

    Thanks.

  7. #7

    Join Date
    Apr 2008
    Posts
    853
    Thank Post
    111
    Thanked 112 Times in 108 Posts
    Rep Power
    45
    Add 'domain computers' in group policy auth of group policy object, also have 'system' permission in share

  8. #8
    lafleur1977's Avatar
    Join Date
    May 2009
    Location
    Lancashire
    Posts
    160
    Thank Post
    119
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    Quote Originally Posted by irsprint84 View Post
    Add 'domain computers' in group policy auth of group policy object, also have 'system' permission in share
    What do you mean in group policy auth of gpo?

  9. #9

    Join Date
    Apr 2008
    Posts
    853
    Thank Post
    111
    Thanked 112 Times in 108 Posts
    Rep Power
    45
    You know where it says auth users? you add it there

  10. #10
    lafleur1977's Avatar
    Join Date
    May 2009
    Location
    Lancashire
    Posts
    160
    Thank Post
    119
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    Quote Originally Posted by irsprint84 View Post
    You know where it says auth users? you add it there
    sorry not sure where you mean exactly, can you elaborate?

    Thanks

  11. #11
    mjs_mjs's Avatar
    Join Date
    Jan 2009
    Location
    bexleyheath, london
    Posts
    1,020
    Thank Post
    37
    Thanked 111 Times in 95 Posts
    Rep Power
    37
    Quote Originally Posted by lafleur1977 View Post
    No everyone does not have read and execute permissions. I will add it and try it. Does it also need to be in share permissions?

    Thanks.
    Try adding authed users with read and execute permissions. You will need this in the NTFS security settings on the server and allow access when sharing the folder also. once you have it working you should find that you can start restricting permissions to make it a little more secure. Also deny everyone but administrators from viewing folder contents (list folder:deny it) that way if they do come accross the folder they cant see sub folders of files.

  12. #12

    Join Date
    Apr 2008
    Posts
    853
    Thank Post
    111
    Thanked 112 Times in 108 Posts
    Rep Power
    45
    Attached
    Attached Images Attached Images

  13. #13

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,094
    Thank Post
    217
    Thanked 1,292 Times in 802 Posts
    Blog Entries
    4
    Rep Power
    513
    If its an MSI install on startup, you need to allow 'Domain Computers' read (and possibly write) access to the installer and as an apply to in the GPO pane shown above. As its applying before logon.

    So domain computers need acces in the share, security and GPO windows.

  14. #14
    mjs_mjs's Avatar
    Join Date
    Jan 2009
    Location
    bexleyheath, london
    Posts
    1,020
    Thank Post
    37
    Thanked 111 Times in 95 Posts
    Rep Power
    37
    Quote Originally Posted by lafleur1977 View Post
    What do you mean in group policy auth of gpo?
    Group policies have security settings, like folders do, please see attachment.
    Attached Images Attached Images
    • File Type: jpg 1.jpg (292.7 KB, 16 views)

  15. #15

    Join Date
    Jun 2006
    Location
    Belfast, N\'Ireland
    Posts
    190
    Thank Post
    10
    Thanked 9 Times in 7 Posts
    Rep Power
    18
    Your folders need read access for everyone.

    If your installing by GPO the PCs will be processing the GPO before anyone logs in so the instalation packages need to be accessible to the workstation. I dunno if a workstation counts as "authenticated user" I have mine set to just be everyone read.

SHARE:
+ Post New Thread

Similar Threads

  1. Group policy software installation problem
    By m1ddy in forum Windows
    Replies: 10
    Last Post: 3rd October 2009, 09:47 AM
  2. Group Policy MSI issue..
    By Sunderwood in forum Windows
    Replies: 4
    Last Post: 14th April 2008, 01:48 PM
  3. Replies: 22
    Last Post: 19th March 2008, 09:56 AM
  4. msi install - group policy
    By TechSupp in forum Windows
    Replies: 2
    Last Post: 25th February 2008, 12:22 PM
  5. Force Group Policy installation to run again
    By Craig_W in forum Windows
    Replies: 4
    Last Post: 28th November 2006, 11:38 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •